Report: Money Makes Malware World Go Round

By Erika Morphy
Mar 19, 2007 1:13 PM PT

Data theft has become the raison d'etre for malware on the Internet, according to the latest figures released by security vendor Symantec.

As in previous years, the vendor reported upticks in data thefts, malware and phishing scams. What is different about this year, said Alfred Huger, vice president of engineering at Symantec Security Response, is that data theft has become the norm.

"The trend has always been there -- hackers have always been interested in financial gain," he told TechNewsWorld. "Now, though, it seems that every piece of malicious code on the Internet somehow ties back to data theft."

The trend became solid in 2006, Huger said, and developed into a visible underground economy in the last six months.

For the first time, Symantec followed the trade of stolen personal information on underground economy servers. It found these servers are used by hackers and criminal organizations to sell stolen data including social security numbers, credit cards, personal identification numbers (PINs), and e-mail address lists.

Price points were shockingly low for such information, according to Symantec. U.S.-based credit cards with a card verification number were available for between US$1 and $6 while a complete identity -- including a U.S. bank account, credit card, date of birth and government-issued identification number -- was available for between $14 and $18.

Scams More Sophisticated

Online scams, usually perpetrated through e-mail fraud, are increasing and becoming more sophisticated, Symantec found, and are often timed to coincide with specific events.

During the second half of 2006, spam made up 59 percent of all monitored e-mail traffic. Thirty percent of all spam related to the financial services industry -- for example, so-called pump-and-dump scams.

Over the last six months of 2006, Symantec tracked a total of 166,248 unique phishing messages -- an average of 904 per day. That figure reflects a 6 percent increase over the first six months of 2006.

For the first time, Symantec tracked the impact a phishing attack had when it was sent on a certain day or around a certain event.

An average of 27 percent fewer unique phishing messages were sent on weekends than on weekdays, when 961 were sent on average. This trend indicates that phishing activity mirrors the business week, with attackers attempting to mimic a legitimate company's e-mail practices, Symantec said.

Phishing activity increased during major holidays and other high-profile events, Symantec observed, such as the FIFA World Cup, with attackers crafting theme-specific social engineering ruses.

Tax Season

Indeed, hackers are now gearing up for tax season -- the mother lode of special event phishing, Paul Henry, vice president of technology evangelism at Secure Computing, told TechNewsWorld.

"Phishing scams are becoming more sophisticated -- that is very clear," he said.

This year's tax filing season is likely to be the riskiest so far, Henry noted, pointing to the increased number of hackers trying to gain financial information, the increased number of people filing returns online from unsecured personal computers, and the increased number of drive-by phishing attacks. Drive-by attacks use malicious code to corrupt an ISP (Internet service provider) so that a user who types in an address -- the IRS Web site, for example -- is redirected to a malicious site.

"This in particular is very frightening, because the common sense advice to people to avoid fraud is to type in the address manually. Now that safeguard is gone," Henry said.

Other findings from the Symantec report:

More than 6 million distinct bot-infected computers were identified worldwide during the second half of 2006, representing a 29 percent increase from the previous period. However, the number of command-and-control servers used to relay commands to the bots decreased by 25 percent, suggesting that bot network owners are consolidating and increasing the size of their existing networks.

Trojans made up 45 percent of the top 50 malicious code samples -- a 23 percent increase over the first six months of 2006.

Twelve zero-day vulnerabilities were documented during the second half of 2006, a significant increase from the one zero-day vulnerability documented in the first half of 2006.